Hardware key encryption for data scrambling

ABSTRACT

Apparatus and method to scramble data prior to placing it on a bus or in memory uses embedded hardware keys for encryption/decryption. The hardware keys may be used in addition to software encryption. Different hardware keys may be used to process most significant bits and least significant bits of a data word. Different hardware keys may be used to process messages from/to different channels. The hardware key may be comprise a series of fixed logic cells.

This application claims priority under 35 U.S.C. 119 to U.S. Provisonal Application No. 60/743,995, filed Mar. 30, 2006, the entirety of which is incorporated herein by reference.

BACKGROUND

Data that is to be stored in any form of memory can be easily monitored by deprocessing of the device via looking at the memory interface bus or the memory cells directly. Existing encryption/decryption uses a soft key stored in memory. Some other approaches are described in U.S. Pat. Nos. 4,747,139; 6,690,795; and 7,024,564; all incorporated herein by reference.

SUMMARY

This invention provides apparatus and method to scramble the data prior to placing the data on the bus or in memory.

In one aspect of the invention, an embedded hardware key is used in the encrypt/decrypt process. In an example embodiment, the hardware key comprises a series of fixed logic cells. The number of cells embedded within the hardware can be larger than the actual number of cells required for the key.

The use of embedded keys within the hardware logic makes the detection and reverse engineering of the encrypt/decrypt process much more difficult, time consuming and hence costly. The key is much harder to find making the reverse engineering process more costly.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows an example embodiment for an encryption/decryption implementation in accordance with principles of the invention.

DETAILED DESCRIPTION

Data Encryption Standard (DES) refers to a widely used data encryption/decryption algorithm developed by IBM and adopted as a U.S. federal standard in 1976 by the National Institute of Standards and Technology (NIST). An overview of DES encryption is presented at http://www.tropsoft.com/strongenc/des.htm, incorporated herein by reference. “Triple DES” is a more robust implementation of DES that can be adapted to DES applications to provide greater security. Additional work is being done to increase security further for such coding schemes. See, http://www.tropsoft.com/strongenc/des3.htm, incorporated herein by reference.

FIG. 1 shows a data system wherein data in the form of a key program message is received on a bus is encrypted using a software key, such as a conventional DES or Triple DES algorithm encryption. Then, to further secure the data against detection of the transmitted data and/or software key used for encryption, the data is further subjected to a hardware key encryption using a hardware key, before being transmitted to a memory bus and then to a memory. The data is thus delivered to the bus for storage in memory in both software and hardware encrypted form. At retrieval from memory, the process is reversed, with the retrieved data first subjected to a hardware decryption and then, either then or later, subjected to a software decryption.

As shown in FIG. 1, to make hacking harder, one hardware encryption key can be used for most significant bits of a data word and another for least significant bits (HW KEY 1, HW KEY 2). Likewise, software control can be implemented, so messages received from or delivered to one communication channel, application program, etc., can be encrypted/decrypted by one hardware key; while those from or to another communication channel, application program, etc., are encrypted/decrypted by another hardware key.

In a preferred implementation, the hardware encryption/decryption mechanism is positioned in a data communication system, to minimize hacking of data at more vulnerable parts of the system. For example, data encrypted over an internet channel that is normally decrypted within a local system, can be hardware encrypted for remote elements of the local system (viz., for delivery from a pc to shared storage). In another example, encryption is done in a cellphone between the receiver decoded call and a local memory storage of sensitive information. In one implementation, the functional blocks shown within the dashed lines in FIG. 1 may be implemented on a single integrated circuit chip, so that all communications off the chip are encrypted. For example, the messages that are received from external sources in Triple DES encryption are decrypted, then encrypted using the local hardware key or keys before transmission onto a local bus, such as for delivery to a flash ROM memory.

The hardware keys may each comprise a series of fixed logic cells.

Those skilled in the art to which the invention relates will appreciate that the many other embodiments and variations of the described example embodiments exist within the scope of the invention. 

1. A system for encrypting/decrypting data, comprising at least one hardware key embedded within hardware logic for encrypting/decrypting data.
 2. The system of claim 1, wherein the hardware key functions to encrypt data that has previously been encrypted using a software key. 